Research
Awesome data visualization stuff…
Steven Murdoch over at lightbluetouchpaper did an investigation into the Privila internship program.. What was also cool however was that he threw together a quick visualization of the data Moving graphs are always cool, and the fact that he got it together so quickly was impressive.. a quick check shows that he used the Prefuse toolkit which is a totally BSD lic. visualization toolkit that looks simple to use with…
Another attempt at you-tube science, aka how to save 36c when changing the batteries on your remote!
ok.. so a long time ago we tried the you-tube mentos stuff and happily wasted time (and coke) in the office parking lot.. (of course this was after half assed attempts to mimic the experiments imperfectly.. given the typical office makeup, this ensured that we tried it with various other softdrinks, various other sweets and at one point even tried microwaving the drink cause roelof thought “the cold was ruining…
Thunks from hacking games
In Vegas I bought Herman “Exploiting Online Games” by Greg Hoglund and Gary McGraw. Being the saint that I am, I looked at the book thoroughly on the plane on the way home. Fortunately I was able to verify that most of the pages were there and intact and that were no blatant spelling or grammatical errors – it wouldn’t do to give Herman a broken book. Whilst I was…
F(inally)ull Release of BlackHat-Defcon Timing Stuff..
The slides | tool | paper from BlackHat07/DefCon07 have been posted online for your wget’ing pleasure. More details on squeeza (the tool) can be found on the squeeza page, but in a nutshell is a sql injection tool that uses Metasploits concept of splitting exploit/payloads/etc with SQL Injection attacks. Current modules are written for MS-SQL server but include functionality for (user defined sql queries, some db schema enumeration, command execution,…
Squeeza: The SQL Injection Future?
During our talk we demo’d squeeza.. We will link to the slides and .ppt as soon as we can, but have been getting a few requests already for the code, so here it is.. For those who missed the talk, squeeza is a SQL Injection tool, that once given an entry point can simply a bunch of things. Its the first tool i know of that facilitates full binary file…
BlackHat Progress Report
(always wanted to say that!) 2 SensePost Training sessions are over, and as i type The weekday sessions are at about 50%. Feedback so far has been pretty cool and its been fun to meet new people / bump into some old friends.. The next “biggie” on the horizon is Wednesdays talk.. We have had a fair bit of interest so far and even though the slot has some stiff…
Viva Las Vegas!
BlackHat Vegas is almost on us again, and this will be the 6th year running that we present there.. This year Marco and i will be taking a new look at some old attacks.. The bulk of the talk will focus (like its name suggests) on timing attacks, but we will be looking in general at timing, race conditions and other attacks that have not yet been packaged into tools…
Threat Modelling Talk at CSI Phoenix
After a six hour delay due to technical problems *before* my journey even started I’m finally on the plane and waiting for take off. Tag an additional five hour delay due to a missed connection in New York and this quickly become a very, very long trip. Perhaps my longest ever. Ah well, the price we pay for living at the end of the world, I guess. I’m on my…
Prev
Page 8 of 8